Monday, June 1, 2015

ASA File System and bootvar Command

I was preparing a brand new Cisco ASA 5525-X firewall for one of our client. The first thing I always check is the preloaded ASA image on the device. We've had prior ASAs with 8.6 code but now we're getting 9.1. When I checked the 9.1(2) code, there were reviews (which is great by the way) on Cisco's download site saying there were bugs found on this code, so I proceeded to download a more stable code which is the 9.1(6).



Instead of configuring a /30 IP address on the ASA and my PC and doing the usual TFTP (or FTP) transfer, I conveniently took out my USB flash drive, copied the new image and inserted it on the ASA's USB slot. There are 2 USB slots below the MGMT port and right beside the CONSOLE port. I used the copy command and pointed to the new ASA code using the boot command. I finally reloaded the ASA for the new code to take effect.


ciscoasa# show version

Cisco Adaptive Security Appliance Software Version 9.1(2)
Device Manager Version 7.1(3)

ciscoasa# dir ?

  /all             List all files
  /recursive       List files recursively
  all-filesystems  List files on all filesystems
  disk0:           Directory or file name      // a.k.a FLASH
  flash:           Directory or file name
  system:          Directory or file name
  <cr>
ciscoasa# dir ?

  /all             List all files
  /recursive       List files recursively
  all-filesystems  List files on all filesystems
  disk0:           Directory or file name
  disk1:           Directory or file name     // USB SLOT 1
  flash:           Directory or file name
  system:          Directory or file name
  <cr>
ciscoasa# dir disk1:

Directory of disk1:/

142    -rwx  62682268     12:04:58 Mar 29 2012  c2900-universalk9-mz.SPA.150-1.M4.bin
143    -rwx  21890692     13:15:44 May 26 2012  c870-advipservicesk9-mz.124-24.T4.bin
144    -rwx  310347344    12:52:10 Feb 04 2015  cat3k_caa-universalk9.SPA.03.07.00.E.152-3.E.bin
145    -rwx  38172672     10:01:48 May 21 2015  asa916-4-smp-k8.bin

2013200384 bytes total (1192165376 bytes free)
ciscoasa# copy ?

  /noconfirm      Do not prompt for confirmation
  /pcap           Raw packet capture dump
  capture:        Copyout capture buffer
  cluster_trace:  Copy from cluster_trace: file system
  disk0:          Copy from disk0: file system
  disk1:          Copy from disk1: file system
  flash:          Copy from flash: file system
  ftp:            Copy from ftp: file system
  http:           Copy from http: file system
  https:          Copy from https: file system
  running-config  Copy from current system configuration
  smb:            Copy from smb: file system
  startup-config  Copy from startup configuration
  system:         Copy from system: file system
  tftp:           Copy from tftp: file system
ciscoasa# copy disk1:asa916-4-smp-k8.bin ?

  cluster:        Copy to cluster: file system
  disk0:          Copy to disk0: file system
  disk1:          Copy to disk1: file system
  flash:          Copy to flash: file system
  ftp:            Copy to ftp: file system
  running-config  Update (merge with) current system configuration
  smb:            Copy to smb: file system
  startup-config  Copy to startup configuration
  system:         Copy to system: file system
  tftp:           Copy to tftp: file system

ciscoasa# copy disk1:asa916-4-smp-k8.bin disk0:

Source filename [asa916-4-smp-k8.bin]?

Destination filename [asa916-4-smp-k8.bin]?

Copy in progress...CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

<OUTPUT TRUNCATED>

CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

CCCC
Writing file disk0:/asa916-4-smp-k8.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

<OUTPUT TRUNCATED>

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!
38172672 bytes copied in 19.430 secs (2009088 bytes/sec)

ciscoasa# dir flash:

Directory of disk0:/

10     drwx  4096         08:09:48 Apr 14 2015  log
20     drwx  4096         08:10:14 Apr 14 2015  crypto_archive
21     drwx  4096         08:10:24 Apr 14 2015  coredumpinfo
108    -rwx  38191104     08:13:30 Apr 14 2015  asa912-smp-k8.bin
109    -rwx  18097844     08:15:36 Apr 14 2015  asdm-713.bin
149    -rwx  38172672     19:12:25 May 20 2015  asa916-4-smp-k8.bin  
110    -rwx  12998641     08:20:18 Apr 14 2015  csd_3.5.2008-k9.pkg
111    drwx  4096         08:20:18 Apr 14 2015  sdesktop
112    -rwx  6487517      08:20:20 Apr 14 2015  anyconnect-macosx-i386-2.5.2014-k9.pkg
113    -rwx  6689498      08:20:22 Apr 14 2015  anyconnect-linux-2.5.2014-k9.pkg
114    -rwx  4678691      08:20:24 Apr 14 2015  anyconnect-win-2.5.2014-k9.pkg

8238202880 bytes total (8112111616 bytes free)

ciscoasa# show bootvar

BOOT variable = disk0:/asa912-smp-k8.bin
Current BOOT variable = disk0:/asa912-smp-k8.bin
CONFIG_FILE variable =
Current CONFIG_FILE variable =

ciscoasa# configure terminal
ciscoasa(config)# boot system disk0:/asa916-4-smp-k8.bin
ciscoasa(config)# show bootvar

BOOT variable = disk0:/asa912-smp-k8.bin
Current BOOT variable = disk0:/asa912-smp-k8.bin;disk0:/asa916-4-smp-k8.bin   // REMOVE 9.1(2)
CONFIG_FILE variable =
Current CONFIG_FILE variable =
ciscoasa(config)# no boot system disk0:/asa912-smp-k8.bin
ciscoasa(config)# show bootvar

BOOT variable = disk0:/asa912-smp-k8.bin
Current BOOT variable = disk0:/asa916-4-smp-k8.bin  
CONFIG_FILE variable =
Current CONFIG_FILE variable =

ciscoasa(config)# write memory
Building configuration...
Cryptochecksum: 1b4d1965 442beae6 63ff0698 b826c1f3

3000 bytes copied in 0.660 secs
[OK]
ciscoasa(config)# reload
Proceed with reload? [confirm]
ciscoasa(config)#


***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down webvpn
Shutting down sw-module
Shutting down License Controller
Shutting down File system



***
*** --- SHUTDOWN NOW ---
Process shutdown finished


<OUTPUT TRUNCATED>


ciscoasa> show version       

Cisco Adaptive Security Appliance Software Version 9.1(6)4  
Device Manager Version 7.1(3)

No comments:

Post a Comment